Solved: ISE with RSA Token ID store

tgraham · ‎01-05-2018

I need instructions on creating the sdconf.rec file please.

Our documentation says:

RSA Configuration in Cisco ISE

The RSA administrative system generates an sdconf.rec file, which the RSA system administrator will provide to you. This file allows you to add Cisco ISE servers as RSA SecurID agents in the realm. You have to browse and add this file to Cisco ISE. By the process of replication, the primary Cisco ISE server distributes this file to all the secondary servers.

RSA documentation says: https://community.rsa.com/api/core/v3/contents/107510/data?v=1

Important: The UDP-based authentication agent’s hostname must resolve to the IP address specified.

1) is/are the agent hosts to be added the primary Admin or primary *and* secondary Admin? (I assume you *have* to put the IP address of the secondary)

2) if 1) is 'yes' then how do we achieve the requirement that authentication agent’s hostname must resolve to the IP address specified? - in the case of primary/secondary there are two IP addresses with two hostnames.

I have my installation working with the primary IP & hostname with the IP of the secondary as an alternate. I have not been able to show that the secondary is able to authenticate to the Token server.

Thanks.

hslai · ‎01-05-2018

All ISE nodes to auth against the RSA need to be added in the RSA server and then generate the configuration file, which is to be imported to ISE primary PAN.

View solution in original post

hslai · ‎01-05-2018

All ISE nodes to auth against the RSA need to be added in the RSA server and then generate the configuration file, which is to be imported to ISE primary PAN.